From cee64fd3e5383a388b58d570c5d16d95de30f1be Mon Sep 17 00:00:00 2001 From: "zelidrag@chromium.org" Date: Mon, 2 May 2011 18:59:07 +0000 Subject: blob_storage_controller.cc assert from this bug was caused by the fact that worker thread actually run in a different renderer process from the main page JS thread. chrome.fileBrowserPrivate.* methods grant access to files through ChildProcessSecurityPolicy class, but such file permissions would end up associated with renderer process of the main thread only. When worker tries to register blobs representing such files, ChildProcessSecurityPolicy check would reject it since its client process id has nothing to do with main renderer's id. This CL adds mapping between worker and main renderer processes and uses that to ensure that worker thread renderer process file permissions are "inherited" from its main JS thread renderer child process. BUG=chromium-os:14680 TEST=added extra tests to ChildProcessSecurityPolicyTest.FilePermissions Review URL: http://codereview.chromium.org/6893145 git-svn-id: svn://svn.chromium.org/chrome/trunk/src@83754 0039d316-1c4b-4281-b951-d872f2087c98 --- content/browser/child_process_security_policy.cc | 48 ++++++++++++++++++------ 1 file changed, 37 insertions(+), 11 deletions(-) (limited to 'content/browser/child_process_security_policy.cc') diff --git a/content/browser/child_process_security_policy.cc b/content/browser/child_process_security_policy.cc index cda7a06..eac07c4 100644 --- a/content/browser/child_process_security_policy.cc +++ b/content/browser/child_process_security_policy.cc @@ -157,12 +157,14 @@ ChildProcessSecurityPolicy* ChildProcessSecurityPolicy::GetInstance() { void ChildProcessSecurityPolicy::Add(int child_id) { base::AutoLock lock(lock_); - if (security_state_.count(child_id) != 0) { - NOTREACHED() << "Add child process at most once."; - return; - } + AddChild(child_id); +} - security_state_[child_id] = new SecurityState(); +void ChildProcessSecurityPolicy::AddWorker(int child_id, + int main_render_process_id) { + base::AutoLock lock(lock_); + AddChild(child_id); + worker_map_[child_id] = main_render_process_id; } void ChildProcessSecurityPolicy::Remove(int child_id) { @@ -172,6 +174,7 @@ void ChildProcessSecurityPolicy::Remove(int child_id) { delete security_state_[child_id]; security_state_.erase(child_id); + worker_map_.erase(child_id); } void ChildProcessSecurityPolicy::RegisterWebSafeScheme( @@ -405,12 +408,18 @@ bool ChildProcessSecurityPolicy::CanReadDirectory(int child_id, bool ChildProcessSecurityPolicy::HasPermissionsForFile( int child_id, const FilePath& file, int permissions) { base::AutoLock lock(lock_); - - SecurityStateMap::iterator state = security_state_.find(child_id); - if (state == security_state_.end()) - return false; - - return state->second->HasPermissionsForFile(file, permissions); + bool result = ChildProcessHasPermissionsForFile(child_id, file, permissions); + if (!result) { + // If this is a worker thread that has no access to a given file, + // let's check that its renderer process has access to that file instead. + WorkerToMainProcessMap::iterator iter = worker_map_.find(child_id); + if (iter != worker_map_.end() && iter->second != 0) { + result = ChildProcessHasPermissionsForFile(iter->second, + file, + permissions); + } + } + return result; } bool ChildProcessSecurityPolicy::HasWebUIBindings(int child_id) { @@ -442,3 +451,20 @@ bool ChildProcessSecurityPolicy::CanReadRawCookies(int child_id) { return state->second->can_read_raw_cookies(); } + +void ChildProcessSecurityPolicy::AddChild(int child_id) { + if (security_state_.count(child_id) != 0) { + NOTREACHED() << "Add child process at most once."; + return; + } + + security_state_[child_id] = new SecurityState(); +} + +bool ChildProcessSecurityPolicy::ChildProcessHasPermissionsForFile( + int child_id, const FilePath& file, int permissions) { + SecurityStateMap::iterator state = security_state_.find(child_id); + if (state == security_state_.end()) + return false; + return state->second->HasPermissionsForFile(file, permissions); +} -- cgit v1.1